End-to-end information flow security model for software-defined networks
Modelirovanie i analiz informacionnyh sistem, Tome 22 (2015) no. 6, pp. 735-749.

See the article record from the source Math-Net.Ru

Software-defined networks (SDN) are a novel networking paradigm that has become an enabling technology for many modern applications, such as network virtualization and policy-based access control. Software brings flexibility and fast-paced innovation to networking; however, it is complex by nature, so there is an increasing need for means of assuring its correctness and security. Abstract models for SDN can tackle these challenges. This paper addresses confidentiality and some integrity properties of SDNs. These are critical properties for multi-tenant SDN environments, since the network management software must ensure that no confidential data of one tenant leak to other tenants even though they share the same physical infrastructure. We define a notion of end-to-end security in the context of software-defined networks and propose a semantic model in which one can reason about confidentiality and check that confidential information flows do not interfere with non-confidential ones. We show that the model can be extended to reason about networks with secure and insecure links, which arise, for example, in wireless environments. The article is published in the authors' wording.
Keywords: SDN, security, formal models.
@article{MAIS_2015_22_6_a0,
     author = {D. Ju. Chaly and E. S. Nikitin and E. Ju. Antoshina and V. A. Sokolov},
     title = {End-to-end information flow security model for~software-defined networks},
     journal = {Modelirovanie i analiz informacionnyh sistem},
     pages = {735--749},
     publisher = {mathdoc},
     volume = {22},
     number = {6},
     year = {2015},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/MAIS_2015_22_6_a0/}
}
